CVE-2026-44185

Published: June 11, 2026Last modified: June 22, 2026

Description

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Severity score breakdown

ParameterValue
Base score7.3
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityLOW
Integrity impactLOW
Availability impactLOW
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSapache2Fixed (2.4.68-r0)
25 LTSapache2Fixed (2.4.68-r0)
Streamapache2Fixed (2.4.68-r0)

References

ON THIS PAGE